Email Routing : Subnet Question - Slackware

Thread: Email Routing : Subnet Question

  1. Email Routing : Subnet Question

    Is it possible to have a preferred SMTP server for a specific domain? For
    example, suppose I would like to send a message to joe.user@example.com. I
    know that the server at 192.168.1.10 accepts mail for example.com. If that
    server is up and working, then it will be the most efficient first
    hop. If it is down, then the results that are obtained by global DNS would
    be correct.

    Right now, my local server is not listed among the results obtained here:

    $ dig example.com MX

    example.com. 3600 IN MX 10 smtp1.example.com.
    example.com. 3600 IN MX 20 smtp2.example.com.
    example.com. 3600 IN MX 30 smtp3.example.com.
    example.com. 3600 IN MX 40 smtp4.example.com.

    These are valid servers from my subnet, just not optimal. Email will be
    delivered to joe.user using any of these addresses, but will require
    using a slow network link. It would be better if 192.168.1.10 were tried
    first, but only for example.com.

    Other information: I control DNS for subnet.example.com, but not "all" of
    example.com.

    I would like to have a local rule in effect that basically uses a
    localized rule:

    $ dig example.com MX

    example.com. 3600 IN MX 5 192.168.1.10. <- local override
    example.com. 3600 IN MX 10 smtp1.example.com. <- global
    example.com. 3600 IN MX 20 smtp2.example.com.
    example.com. 3600 IN MX 30 smtp3.example.com.
    example.com. 3600 IN MX 40 smtp4.example.com.

    Is this type of configuration better handled via Sendmail, DNS, or a
    combination of both?

    Thanks in advance.

    --
    Douglas Mayne

  2. Re: Email Routing : Subnet Question

    Douglas Mayne wrote:

    > I would like to have a local rule in effect that basically uses a
    > localized rule:
    >
    > $ dig example.com MX
    >
    > example.com. 3600 IN MX 5 192.168.1.10. <- local override
    > example.com. 3600 IN MX 10 smtp1.example.com. <- global
    > example.com. 3600 IN MX 20 smtp2.example.com.
    > example.com. 3600 IN MX 30 smtp3.example.com.
    > example.com. 3600 IN MX 40 smtp4.example.com.
    >
    > Is this type of configuration better handled via Sendmail, DNS, or a
    > combination of both?


    Faced with a similar problem, I would turn to Sendmail's mailertable
    feature (leave your DNS config listing only smtp*.example.com MXes),
    and put in something similar to the following (not tested):

    example.com esmtp:[192.168.1.10]:example.com

    If that doesn't produce the expected result, I would hard-code the
    order, as follows:

    example.com esmtp:[192.168.1.10]:[smtp1.example.com]:[smtp2.example.com]:[smtp3.example.com]:[smtp4.example.com]

    I hope that helps ...

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  3. Re: Email Routing : Subnet Question

    On Tue, 7 Oct 2008 20:02:14 +0000 (UTC), Sylvain Robitaille wrote:

    >Douglas Mayne wrote:
    >
    >> I would like to have a local rule in effect that basically uses a
    >> localized rule:

    ....
    >I hope that helps ...


    Which reminds me:

    Does this log event series from sendmail indicate my setup is safe?

    Oct 7 21:19:32 deltree sm-mta[6776]: m97AJUPT006776: 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ruleset=check_rcpt, arg1=, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157], reject=550 5.7.1 ... Relaying denied
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: lost input channel from 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] to MTA after data
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157]
    ^^^^^^^^^^^^^^--> same ref means
    last three log records describe the one event? 'Cos then I'm okay with
    the relaying denied response.

    Thanks,
    Grant.
    --
    http://bugsplatter.id.au/

  4. Re: Email Routing : Subnet Question

    Grant wrote:

    > Does this log event series from sendmail indicate my setup is safe?


    If "safe" is defined as "not relaying mail from 220.129.0.0/12 (in fact,
    probably even only 220.132.0.0/16) that are destined to recipients in
    yahoo.com.tw", then yes. However, your log extract does not provide
    enough information to deduce any more than that about your Sendmail
    configuration.

    > ...
    > Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
    > Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
    > Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
    > ^^^^^^^^^^^^^^--> same ref means
    > last three log records describe the one event?


    Yes: the same queue-id in the log lines means these lines refer to the
    same SMTP transaction.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst / (ex)Postmaster Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------
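The queue-id correlation described in the answer above, as an added example that is not part of the original thread: it groups sendmail log lines by queue-id and labels each SMTP transaction, flagging any mail forwarded off-host for a client outside the trusted networks. The log lines and function names are constructed for illustration, and the trusted networks are assumed from the RELAY entries in the access file posted later in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Clients allowed to relay, mirroring the RELAY entries in the access file quoted in the thread.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24", "192.168.2.0/24")]

# Constructed sample log: hosts, addresses and queue-ids are invented for this example.
SAMPLE_LOG = """\
Oct  7 21:19:32 mx1 sm-mta[6776]: m97AAAAA000001: host-a.example.net [203.0.113.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct  7 21:19:34 mx1 sm-mta[6793]: m97AAAAB000002: ruleset=check_rcpt, arg1=<user@example.org>, relay=host-a.example.net [203.0.113.5], reject=550 5.7.1 <user@example.org>... Relaying denied
Oct  7 21:19:34 mx1 sm-mta[6793]: m97AAAAB000002: lost input channel from host-a.example.net [203.0.113.5] to MTA after data
Oct  7 21:19:34 mx1 sm-mta[6793]: m97AAAAB000002: from=<probe@example.net>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=host-a.example.net [203.0.113.5]
Oct  7 21:25:01 mx1 sm-mta[6850]: m97AAAAC000003: from=<grant@localhost>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Oct  7 21:25:02 mx1 sm-mta[6852]: m97AAAAC000003: to=<someone@example.org>, delay=00:00:01, mailer=relay, relay=smarthost.example.net. [198.51.100.7], stat=Sent (ok)
Oct  7 21:30:10 mx1 sm-mta[6901]: m97AAAAD000004: from=<bulk@example.net>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host-b.example.net [203.0.113.9]
Oct  7 21:30:11 mx1 sm-mta[6903]: m97AAAAD000004: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.20], stat=Sent (ok)
"""

LINE = re.compile(r"sm-mta\[\d+\]: (?P<qid>\w+): (?P<msg>.*)")
CLIENT = re.compile(r"from=.*relay=.*\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]")

def group_by_queue_id(text):
    """Collect the message part of every sm-mta line under its queue-id."""
    txns = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            txns[m["qid"]].append(m["msg"])
    return dict(txns)

def classify(msgs):
    """Label one transaction: relayed-untrusted, relayed-trusted, denied or no-mail."""
    forwarded = any(m.startswith("to=") and "stat=Sent" in m and "mailer=local" not in m
                    for m in msgs)
    if forwarded:
        hit = next(filter(None, map(CLIENT.match, msgs)), None)
        # A missing client address is treated as untrusted so the transaction gets reviewed.
        ip = ipaddress.ip_address(hit["ip"]) if hit else None
        trusted = ip is not None and any(ip in net for net in TRUSTED)
        return "relayed-trusted" if trusted else "relayed-untrusted"
    return "denied" if any("Relaying denied" in m for m in msgs) else "no-mail"

def report(text):
    """Map each queue-id to its classification."""
    return {qid: classify(msgs) for qid, msgs in group_by_queue_id(text).items()}
```

Any `relayed-untrusted` result is the case worth investigating: a message accepted from outside the trusted networks and then delivered to another host.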

  5. Re: Email Routing : Subnet Question

    On Wed, 8 Oct 2008 04:37:56 +0000 (UTC), Sylvain Robitaille wrote:

    >Grant wrote:
    >
    >> Does this log event series from sendmail indicate my setup is safe?

    >
    >If "safe" is defined as "not relaying mail from 220.129.0.0/12 (in fact,
    >probably even only 220.132.0.0/16) that are destined to recipients in
    >yahoo.com.tw", then yes. However, your log extract does not provide
    >enough information to deduce any more than that about your Sendmail
    >configuration.


    Thanks, was wondering about the group of three looking like one event.

    Apologies for thread-hijack

    Google handles mail to my domain name while dodo is ISP delivery, rest
    is localnet. Localnet also called mire.mine.nu inside but resolves to
    public address outside (is wildcard name from dyndns). I have full
    control over the bugsplatter.id.au name's A, CNAME and MX records if it
    matters. Also other names at dyndns with gather.mine.nu set as their
    MX, but I'm not sure where to hook that in, so it's in the too hard
    basket for now.

    These don't really matter, except it would be handy to know how it's
    done. One use is so I can put up a web form with mail option, at the
    moment the button prompt says "Be astonished if the button works".


    Basically I don't really need incoming to sendmail but opened the port
    because both googlemail and dodo send back a response when I send mail
    from the slackware boxes.

    What I want to do is be able to send scripted email from slack box (git
    patchsets & stuff -- when I learn how to drive git without breaking the
    repository).

    If the current is basically safe from relaying, then I can play with it
    and perhaps discover the right settings...

    Configuration is simple?

    # cat access
    google.com OK
    mail-hub.dodo.com.au OK
    localhost RELAY
    127.0.0.1 RELAY
    192.168.1 RELAY
    192.168.2 RELAY

    # cat virtusertable
    @bugsplatter.id.au grant
    @mire.mine.nu grant

    domaintable, mailertable & trusted-users are empty

    aliases is default plus a couple entries

    and then I have some .mc changes:

    root@deltree:/usr/share/sendmail/cf/cf# diff -u sendmail-slackware.mc.bkp sendmail-slackware.mc
    --- sendmail-slackware.mc.bkp 2006-10-01 10:34:03.000000000 +1000
    +++ sendmail-slackware.mc 2008-09-29 11:43:56.000000000 +1000
    @@ -14,13 +14,16 @@
    OSTYPE(`linux')dnl
    dnl# These settings help protect against people verifying email addresses
    dnl# at your site in order to send you email that you probably don't want:
    -define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    +define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun,goaway')d nl
    dnl# Uncomment the line below to send outgoing mail through an external server:
    -dnl define(`SMART_HOST',`mailserver.example.com')
    +define(`SMART_HOST',`smtp.dodo.com.au')
    dnl# No timeout for ident:
    define(`confTO_IDENT', `0')dnl
    dnl# Enable the line below to use smrsh to restrict what sendmail can run:
    dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    +MASQUERADE_AS(`bugsplatter.id.au')dnl
    +MASQUERADE_DOMAIN(`bugsplatter.mine.nu')dnl
    +FEATURE(`masquerade_envelope')dnl
    dnl# See the README in /usr/share/sendmail/cf for a ton of information on
    dnl# how these options work:
    FEATURE(`use_cw_file')dnl
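
    Review bot: on the added confPRIVACY_FLAGS line the terminator reads "d nl" instead of "dnl"; if the .mc file really contains that space, m4 does not discard the rest of the line and the stray text is copied into the generated sendmail.cf, so check the file and restore dnl. The new SMART_HOST line has no trailing dnl, which is harmless but inconsistent with the lines around it. MASQUERADE_DOMAIN names bugsplatter.mine.nu, while the virtusertable shown earlier in this post uses mire.mine.nu; confirm which of the two the local hosts actually use as their domain.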

    Any pointers would help, the various examples leave me a bit confused, but
    less so than the last time I tried this a couple or three years ago.

    Thanks,
    Grant.
    --
    http://bugsplatter.id.au/

  6. Re: Email Routing : Subnet Question

    Grant wrote:

    > ... other names at dyndns with gather.mine.nu set as their MX, but I'm
    > not sure where to hook that in, so it's in the too hard basket for
    > now.


    See cf/README for local-host-names and virtusertable.

    > Any pointers would help, the various examples leave me a bit confused,
    > but less so than the last time I tried this a couple or three years ago.


    It's hard to give pointers; I'm not sure I understand properly what
    you're trying to do, but if I got it, your virtusertable will work, and
    now all you need is to tell Sendmail to accept mail for the external
    domain as "local". Does that help?

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst / (ex)Postmaster Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  7. Re: Email Routing : Subnet Question

    On Wed, 8 Oct 2008 14:48:02 +0000 (UTC), Sylvain Robitaille wrote:

    >Grant wrote:
    >
    >> ... other names at dyndns with gather.mine.nu set as their MX, but I'm
    >> not sure where to hook that in, so it's in the too hard basket for
    >> now.

    >
    >See cf/README for local-host-names and virtusertable.


    Okay.
    >
    >> Any pointers would help, the various examples leave me a bit confused,
    >> but less so than the last time I tried this a couple or three years ago.

    >
    >It's hard to give pointers; I'm not sure I understand properly what
    >you're trying to do, but if I got it, your virtusertable will work, and
    >now all you need is to tell Sendmail to accept mail for the external
    >domain as "local". Does that help?


    Sort of, it will become more clear in time. Main thing was not to have
    some menace in the setup waiting to surprise me.

    Thanks,
    Grant.
    --
    http://bugsplatter.id.au/

  8. Re: Email Routing : Subnet Question

    On Tue, 07 Oct 2008 20:02:14 +0000, Sylvain Robitaille wrote:

    > Douglas Mayne wrote:
    >
    >> I would like to have a local rule in effect that basically uses a
    >> localized rule:
    >>
    >> $ dig example.com MX
    >>
    >> example.com. 3600 IN MX 5 192.168.1.10. <- local override
    >> example.com. 3600 IN MX 10 smtp1.example.com. <- global
    >> example.com. 3600 IN MX 20 smtp2.example.com.
    >> example.com. 3600 IN MX 30 smtp3.example.com.
    >> example.com. 3600 IN MX 40 smtp4.example.com.
    >>
    >> Is this type of configuration better handled via Sendmail, DNS, or a
    >> combination of both?

    >
    > Faced with a similar problem, I would turn to Sendmail's mailertable
    > feature (leave your DNS config listing only smtp*.example.com MXes),
    > and put in something similar to the following (not tested):
    >
    > example.com esmtp:[192.168.1.10]:example.com
    >
    > If that doesn't produce the expected result, I would hard-code the
    > order, as follows:
    >
    > example.com esmtp:[192.168.1.10]:[smtp1.example.com]:[smtp2.example.com]:[smtp3.example.com]:[smtp4.example.com]
    >
    > I hope that helps ...
    >

    Thanks for the info. I haven't played around much with sendmail. I tested
    the first variant of mailertable (above), and it does work at the machine
    which has been modified; that machine redirects mail to the best target.
    I also tried another test using sendmail's virtusertable. The problem with
    that is the email address hits the good first hop, but its address is
    re-written to be joe.user@subnet.example.com. That address does not exist;
    it should be joe.user@example.com. And with either mailertable or
    virtusertable, I will need to modify all machines on the network.

    I am also still thinking about a DNS hack of some sort because that could
    fix all machines at once. It also has the potential to break them all,
    too. One idea I had was to hijack the highest priority MX record, but
    I am not quite sure how I'd implement that.

    As a followup question, what type of DNS zone could be used to
    insert/overwrite a host within example.com? I did some simple tests with
    DNS, but haven't hit on the solution, yet. Also while thinking this over
    it looks like a DNS hack may fix the mail problem, but potentially break
    other things. For example, I would like DNS to work as intended (dynamic
    updates, etc.), and without maintaining a local static hosts file. Any
    hope of that, or should I call that a "dead end" route?

    Thanks!

    --
    Douglas Mayne

  9. Re: Email Routing : Subnet Question

    Douglas Mayne wrote:

    > ... with either mailertable or virtusertable, I will need to modify
    > all machines on the network.


    Have all machines set up as a "dumb client", submitting messages to the
    same (pair of) centralized smart-host(s), and have the smart-host(s)
    configured with the mailertable example I suggested. You shouldn't need
    an smtp daemon on all your client systems.

    > I am also still thinking about a DNS hack of some sort because that
    > could fix all machines at once.


    Views, maybe? Are you authoritative for example.com?

    > ... what type of DNS zone could be used to insert/overwrite a host
    > within example.com.


    I don't think you can (or should) do that if you're not authoritative
    for example.com. If you *are* authoritative, you should be able to
    manage it with different views for your local network than from the rest
    of the world.

    > ... I would like DNS to work as intended (dynamic updates, etc.), and
    > without maintaining a local static hosts file. Any hope of that, or
    > should I call that a "dead end" route?


    Why are you putting anything other than the local system's entry in
    your hosts file in the first place? Let DNS manage the hostname to IP
    address map for you. That's what it's for.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Network and Systems analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------
